Websites Are Cryptojacking Your Computer


What is cryptojacking?

I am not sure who coined (pun intended) the word cryptojacking, but it is a good description of what goes on when a website secretly uses your computer to mine cryptocurrency without your permission. At last count, there are 2,496 websites that will use your computer to mine cryptocurrency when you visit them. Some will even continue mining after you have closed your browser.

Not surprisingly, 80% of the same websites also run credit card skimmers that can steal your payment card details. Some of the websites were infected with the crypto mining script without the sysadmins’ knowledge. Currently, the script mines the cryptocurrency Monero because it can be effectively mined by ordinary consumer PCs. The script was written by Coinhive as a “legitimate” way for website owners to earn money without advertising.

Your users can “pay” you with full privacy, without registering an account anywhere, without installing a browser extension and without being bombarded by shady ads. They will pay you with just their CPU power.

— Coinhive website

Is cryptojacking legal?

Cryptojacking is so new, the law hasn’t caught up yet. Or at least, no one has yet used existing law to challenge cryptojackers. I suppose if a website included a notice in their Terms of Use that they will use your CPU to mine cryptocurrency, it would be legal to do so. But when was the last time you read a website’s Terms of Use? The closest any website has come to an opt-in or opt-out was in September when Pirate Bay asked its users, “Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?”

How does cryptojacking affect my computer?

The cryptojacking script slows down PCs by using as much of the CPU as it can, leaving little processing power for everything else. Depending on how you use your computer, you may not notice it. But if you often have several tabs open in your browser, cryptojacking can drastically slow your computer. Cryptojacking can cost you too. It has been estimated that it can add from $2.90 to $5.00 per month to your electricity bill. The cryptojacking scripts will also run on mobile devices that visit the same websites. The scripts can quickly drain smartphone, tablet, and laptop batteries.

How can I protect my computer from cryptojacking?

Some anti-malware software vendors are now blocking websites that run cryptojacking scripts. MalwareBytes began blocking them in October.

There are also browser extensions that will block web pages that are running the scripts. For Chrome, Coin-hive blocker, No Coin, and Anti-Miner are extensions specifically for blocking mining scripts and web pages.

For Firefox, you can use the add-on Coinhive Blocker, or search Firefox Add-ons Manager for “coinhive” for a list of 6 or 7 different cryptocurrency mining blockers.

For Firefox and Opera, Mining Blocker not only blocks the Coinhive script but also blocks a comprehensive list of cryptocurrency mining scripts.

The popular Adblock Plus extension can also be used to block cryptojacking scripts by adding a filter. Adblock Plus is available for Chrome, Firefox, Opera, IE, Edge, and Safari 

You can also block Coinhive scripts by adding to your hosts file. This will effectively block your computer from communicating with the Coinhive websites. This method will work on Windows, Mac or Linux computers and for all browsers.

For Windows, you can use Anti-WebMiner. It is free, open-source software that will automatically edit your hosts file to block websites “blacklisted” for cryptojacking. An advantage of Anti-WebMiner is that it works regardless of the browser you are using.

I have been using the Coin-hive blocker extension for Chrome. It was one of the first script blocking extensions. I like it because it can be turned on and off by clicking its icon on the browser’s toolbar. Although, Anti-Miner is interesting because it will show how many scripts it has blocked both on the current web page and overall. It also allows you to “whitelist,” or exclude websites from its script filtering.

For now, I wouldn’t depend on DNS services like Quad9 that block malicious websites to block cryptojacking websites. They may block the 80% of cryptojacking websites that are using credit card skimmers. But since it is possible to offer website users an opt-in for cryptocurrency mining, I’m not sure they will block them specifically for it.

Do you think your computer has been cryptojacked? Leave a comment and let us know, or tell us how you are protecting your computer from cryptojacking.


No Comments

Please join the discussion! Tell us what you think.

%d bloggers like this: